Veracode Vulnerability Database: VERACODE:38967
History: Jan 23, 2023 - 7:36 p.m.

Remote Code Execution (RCE)

2023-01-23 19:36:46
sca.analysiscenter.veracode.com
Tags: libxpm, remote code execution, file extensions, path environment variable, software

EPSS: 0.002 (percentile: 52.4%)

libxpm is vulnerable to Remote Code Execution (RCE). When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress them. This could allow a malicious user to execute other programs by manipulating the PATH environment variable.

Affected configurations

Vendor  Product   Version  Match
-       libxpm\   edge     3.5.13-r0
-       libxpm\   edge     3.5.13-r1
-       libxpm\   edge     3.5.14-r0
-       libxpm\   3.14     3.5.13-r0
-       libxpm\   3.16     3.5.13-r0
-       libxpm\   3.17     3.5.13-r1
-       libxpm\   3.17     3.5.14-r0
-       libxpm\   3.15     3.5.13-r0
        libxpm             3.5.8_2.el6
        libxpm             3.5.12_7.el8
        libxpm             3.5.10_2.el6
        libxpm             3.5.12_8.el8
        libxpm             3.5.12_1.el7

Vendor  Product   Version       CPE
-       libxpm\   edge          cpe:2.3:a:-:libxpm\:edge:3.5.13-r0:*:*:*:*:*:*:*
-       libxpm\   edge          cpe:2.3:a:-:libxpm\:edge:3.5.13-r1:*:*:*:*:*:*:*
-       libxpm\   edge          cpe:2.3:a:-:libxpm\:edge:3.5.14-r0:*:*:*:*:*:*:*
-       libxpm\   3.14          cpe:2.3:a:-:libxpm\:3.14:3.5.13-r0:*:*:*:*:*:*:*
-       libxpm\   3.16          cpe:2.3:a:-:libxpm\:3.16:3.5.13-r0:*:*:*:*:*:*:*
-       libxpm\   3.17          cpe:2.3:a:-:libxpm\:3.17:3.5.13-r1:*:*:*:*:*:*:*
-       libxpm\   3.17          cpe:2.3:a:-:libxpm\:3.17:3.5.14-r0:*:*:*:*:*:*:*
-       libxpm\   3.15          cpe:2.3:a:-:libxpm\:3.15:3.5.13-r0:*:*:*:*:*:*:*
*       libxpm    3.5.8_2.el6   cpe:2.3:a:*:libxpm:3.5.8_2.el6:*:*:*:*:*:*:*
*       libxpm    3.5.12_7.el8  cpe:2.3:a:*:libxpm:3.5.12_7.el8:*:*:*:*:*:*:*